DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
November 27, 2006 has been entered. 

Claim Rejections - 35 USC §103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 3, 4, 6, 7, 9-11, 13, 14, 27, 30, 35, 37-39, 41-44, 53, and 55 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Genty et al (US Patent 
#6,473,863) in view of Afek et al (US PGPUB US2002/0083175) in view of Maeshima et 
al (US Patent #6,092,113). 

Claim 1 discloses a method comprising: establishing a packet tunnel between a 
first local area network and a second local area network, the packet tunnel having a 
source network address within an address space of the first local area network and a 
destination network address within an address space of the second local area network; 
reserving for the packet tunnel an amount of bandwidth within an access link; detecting 
a network attack; in response to the detected network attack, splitting the packet tunnel
by selecting an intermediate network device, wherein the intermediate network device 
has a network address from a network address space other than the address space of 
the first local area network and the address space of the second local area network; 
establishing a first packet tunnel from the first local area network to the intermediate 
network device; establishing a second packet tunnel that originates from the 
intermediate network device to the second local area network; canceling the reserved 
bandwidth for the packet tunnel; reserving for the second packet tunnel an amount of
bandwidth within the access link; and communicating a virtual private network (VPN) 
traffic from the first local area network to the second local area network by redirecting 
the VPN traffic from the first local area network to the intermediate network device 
through the first packet tunnel and forwarding the VPN traffic from the intermediate 
network device to the second local area network through the second packet tunnel. 
Genty et al teaches of a tunnel between a source and destination (figure 7), an attack is 
detected (column 5, lines 48-52), a secondary tunnel can be established with different 
addresses (column 5, lines 63-67 - column 6, lines 1-6, 20-24), a secondary tunnel is 
established (figure 7), and upon detecting a network attack canceling the bandwidth in 
the packet tunnel (column 6, lines 31-33). It fails to teach of reserving for the packet 
tunnels an amount of bandwidth within an access link, in response to the detected 
network attack, splitting the packet tunnel by selecting an intermediate network device, 
wherein the intermediate network device has a network address from a network address 
space other than the address space of the first local area network and the address 
space of the second local area network, establishing a first packet tunnel from the first
local area network to the intermediate network device, establishing a second packet 
tunnel that originates from the intermediate network device to the second local area 
network, canceling the reserved bandwidth for the packet tunnel and communicating a 
virtual private network (VPN) traffic from the first local area network to the second local 
area network by redirecting the VPN traffic from the first local area network to the 
intermediate network device through the first packet tunnel and forwarding the VPN 
traffic from the intermediate network device to the second local area network through 
the second packet tunnel. Afek et al teaches that different networks are connected
together (paragraph 245), data is diverted to the guards upon detection of an attack 
which can be from another LAN (paragraphs 250, 252, and 253), data is directed from 
the source to the guard (paragraph 267), data is sent from the guard to the target 
(paragraph 267), and upon an attack data sent to the target is routed to the guards via a 
tunnel and then from the guards to the target (paragraphs 252 and 267). 

Genty et al and Afek et al are analogous art because they are both related to
network protection. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the guards and redirection taught in Afek et al with the system in 
Genty et al because enhanced protection from distributed denial of service attacks is 
provided (Afek, paragraph 8). 

Genty et al in view of Afek et al teaches of the limitations as recited above. It 
fails to teach of reserving for the packet tunnel an amount of bandwidth within an 
access link, canceling the reserved bandwidth for the packet tunnel and reserving
bandwidth for the new packet tunnel. Maeshima et al teaches of reserving bandwidth 
for every IP tunnel on the network (column 3, lines 1-23, 28-32) and reserves the 
bandwidth once needed (column 5, lines 28-41). 

Genty et al in view of Afek et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Afek et al because it is possible to construct a VPN which enables 
assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 3 discloses the method of claim 1, wherein the source network address 
and the destination network address comprise Internet Protocol (IP) addresses. Genty 
et al further teaches the addresses are IP addresses (column 5, lines 1-5). 

Claim 4 discloses the method of claim 1, wherein detecting a network attack
comprises detecting an attack on the access link coupling a destination network device 
to a network. Genty et al further teaches an attack can be detected on the network 
(column 5, lines 48-52). 

Claim 6 discloses the method of claim 1, further comprising exchanging a set of
available network addresses between a source network device originating the packet 
tunnel and a destination network device terminating the packet tunnel, wherein the set 
of available network addresses correspond to a plurality of intermediate network 
devices. Genty et al further teaches each device has a set of several addresses, which
are exchanged to each device (column 5, lines 34-41). 

Claim 7 discloses the method of claim 1, wherein splitting the packet tunnel by
selecting an intermediate device comprises: maintaining a set of available network 
addresses for a plurality of available intermediate network devices, wherein the network 
addresses are within network address spaces other than the address space of the first 
local area network and the address space of the second local area network; and 
selecting one of the network addresses. Genty et al further teaches of maintaining a set 
of available addresses and selecting an address as a net address and making a new 
tunnel (column 5, lines 34-41, 48-59, 63-67 - column 6, lines 1-6). Afek et al further 
teaches of having multiple sub networks involved which the devices in each sub 
network would have addresses from their native network address spaces (paragraph 
245). 

Claim 9 discloses the method of claim 8, further comprising: upon detecting a 
network attack, sending a message from the destination network device to the source 
network device instructing the source network device to establish the first packet tunnel 
with the intermediate network device. Maeshima et al further teaches of establishing a 
first tunnel with an intermediate device (figure 9A, column 4, lines 44-49). 

Claim 10 discloses the method of claim 9, further comprising: establishing a 
secure signaling channel between the source network device and the destination 
network device; and sending the message via the secure signaling channel. Genty et al 
further teaches of a virtual private network as a secure connection and sending data
over a secure channel (column 1, lines 19-25, figure 7). 

Claim 11 discloses the method of claim 1, further comprising de-encapsulating at
the intermediate network device packets received from the first packet tunnel; and re- 
encapsulating the packets at the intermediate network device for communication via the 
second packet tunnel. Genty et al further teaches of encapsulating a packet for 
transmission through a tunnel and using this encapsulation is widely known in the art 
(column 4, lines 9-15). 

Claim 14 discloses the method of claim 1, wherein reserving an amount of
bandwidth comprises sending a reservation message from a destination network device 
terminating the packet tunnel to a service provider access device. Maeshima further 
teaches of sending a message from a host (column 3, lines 28-32). 

Claim 15 discloses the method of claim 14, wherein sending a reservation 
message comprises sending the reservation message according to the Resource 
Reservation Protocol (RSVP). Maeshima further teaches of using RSVP to reserve the 
bandwidth (column 3, lines 14-16). 

Claim 27 discloses a method comprising: establishing virtual private network 
service including a packet tunnel having a source network address within an address 
space of the first local area network and a destination network address within an 
address space of the second local area network; reserving for the packet tunnel an 
amount of bandwidth within an access link; detecting a network attack; establishing new 
virtual private network service upon detecting the network attack, by selecting an 



Application/Control Number: 10/057,043 Page 8 

Art Unit: 2141 

intermediate network device having a network address from a network address space 
other than the address space of the first local area network and the address space of 
the second local area network; establishing a first packet tunnel from the first local area 
network to the intermediate network device; and establishing a second packet tunnel 
that originates from the intermediate network device to the second local area network; 
canceling the reserved bandwidth for the packet tunnel after establishing the new virtual 
private network service; and reserving for the second packet tunnel an amount of 
bandwidth within the access link upon canceling the reserved bandwidth for the packet 
tunnel. Genty et al teaches of a tunnel between a source and destination (figure 7), an 
attack is detected (column 5, lines 48-52), a secondary tunnel is established (figure 7), 
and upon detecting a network attack canceling the bandwidth in the packet tunnel 
(column 6, lines 31-33). It fails to teach of reserving for the packet tunnels an amount of 
bandwidth within an access link, in response to the detected network attack, 
establishing a new virtual private network service by selecting an intermediate network 
device, wherein the intermediate network device has a network address from a network 
address space other than the address space of the first local area network and the 
address space of the second local area network, establishing a first packet tunnel from 
the first local area network to the intermediate network device, establishing a second 
packet tunnel that originates from the intermediate network device to the second local 
area network, and canceling the reserved bandwidth for the packet tunnel. Afek et al 
teaches that different networks are connected together (paragraph 245), data is diverted
to the guards upon detection of an attack which can be from another LAN (paragraphs 
250, 252, and 253), data is directed from the source to the guard (paragraph 267), data
is sent from the guard to the target (paragraph 267), and upon an attack data sent to the 
target is routed to the guards via a tunnel and then from the guards to the target 
(paragraphs 252 and 267). 

Genty et al and Afek et al are analogous art because they are both related to
network protection. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the guards and redirection taught in Afek et al with the system in 
Genty et al because enhanced protection from distributed denial of service attacks is 
provided (Afek, paragraph 8). 

Genty et al in view of Afek et al teaches of the limitations as recited above. It 
fails to teach of reserving for the packet tunnel an amount of bandwidth within an 
access link, canceling the reserved bandwidth for the packet tunnel and reserving 
bandwidth for the new packet tunnel. Maeshima et al teaches of reserving bandwidth 
for every IP tunnel on the network (column 3, lines 1-23, 28-32) and reserves the 
bandwidth once needed (column 5, lines 28-41). 

Genty et al in view of Afek et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Afek et al because it is possible to construct a VPN which enables 
assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 30 discloses the method of claim 27, wherein detecting a network attack
comprises detecting an attack on an access link coupling a destination network device 
to a network. Genty et al further teaches an attack can be detected on the network 
(column 5, lines 48-52). 

Claim 35 discloses a system comprising a source device coupled to a first local 
area network; and a destination device coupled to a second local area network, wherein 
the source device and the destination device establish a packet tunnel having a source 
network address within an address space of the first local area network and a 
destination network address within an address space of the second local area network, 
reserve for the packet tunnel an amount of bandwidth within an access link, upon 
detecting a network attack, select a new network address from a network address 
space other than the address space of the first local area network and the address 
space of the second local area network, and split the packet tunnel by establishing a
first packet tunnel from the first local area network to an intermediate network device 
having the network address and establishing a second packet tunnel from the 
intermediate network device to the second local area, wherein the destination device 
cancels the reserved bandwidth for the packet tunnel after the second packet tunnel is 
established, and reserves for the second packet tunnel an amount of bandwidth within 
the access link upon canceling the reserved bandwidth for the packet tunnel and 
wherein the source device communicates virtual private network (VPN) traffic from the 
first local area network to the second local area network by redirecting the VPN traffic 
from the first local area network to the intermediate network device through the first 
packet tunnel for forwarding the intermediate network device to the second local area
network through the second packet tunnel. Genty et al teaches of a tunnel between a 
source and destination, an attack is detected, a secondary tunnel is established 
(column 5, lines 48-52, figure 7), and upon detecting a network attack canceling the 
bandwidth in the packet tunnel (column 6, lines 31-33). It fails to teach of reserving for 
the packet tunnels an amount of bandwidth within an access link, in response to the 
detected network attack, splitting the packet tunnel by selecting an intermediate network 
device, wherein the intermediate network device has a network address from a network
address space other than the address space of the first local area network and the 
address space of the second local area network, establishing a first packet tunnel from 
the first local area network to the intermediate network device, establishing a second 
packet tunnel that originates from the intermediate network device to the second local 
area network, canceling the reserved bandwidth for the packet tunnel and 
communicating a virtual private network (VPN) traffic from the first local area network to 
the second local area network by redirecting the VPN traffic from the first local area 
network to the intermediate network device through the first packet tunnel and 
forwarding the VPN traffic from the intermediate network device to the second local area 
network through the second packet tunnel. Afek et al teaches that different networks
are connected together (paragraph 245), data is diverted to the guards upon detection 
of an attack which can be from another LAN (paragraphs 250, 252, and 253), data is 
directed from the source to the guard (paragraph 267), data is sent from the guard to 
the target (paragraph 267), and upon an attack data sent to the target is routed to the
guards via a tunnel and then from the guards to the target (paragraphs 252 and 267). 

Genty et al and Afek et al are analogous art because they are both related to
network protection. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the guards and redirection taught in Afek et al with the system in 
Genty et al because enhanced protection from distributed denial of service attacks is 
provided (Afek, paragraph 8). 

Genty et al in view of Afek et al teaches of the limitations as recited above. It 
fails to teach of reserving for the packet tunnel an amount of bandwidth within an 
access link, canceling the reserved bandwidth for the packet tunnel and reserving 
bandwidth for the new packet tunnel. Maeshima et al teaches of reserving bandwidth 
for every IP tunnel on the network (column 3, lines 1-23, 28-32) and reserves the 
bandwidth once needed (column 5, lines 28-41). 

Genty et al in view of Afek et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Afek et al because it is possible to construct a VPN which enables 
assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 37 discloses the system of claim 35, wherein the source network address
and the destination network address comprise Internet Protocol (IP) addresses. Genty 
et al further teaches the addresses are IP addresses (column 5, lines 1-5). 

Claim 38 discloses the system of claim 35, wherein the destination device and 
the source device comprise edge routers that couple local area networks to the network. 
Genty et al further teaches the system can be accomplished by routers (column 3, lines 
21-26). 

Claim 39 discloses the system of claim 35, wherein the destination device 
detects an attack on an access link coupling the destination device to the network. 
Genty et al further teaches an attack can be detected on the network (column 5, lines 
48-52). 

Claim 41 discloses the system of claim 35, wherein the destination device and 
the source device exchange a set of available network addresses for the source 
network address and the destination network address of the packet tunnel. Genty et al 
further teaches each device has a set of several addresses, which are exchanged to 
each device (column 5, lines 34-41). 

Claim 42 discloses the system of claim 35, wherein the destination device 
comprises a storage medium to store a set of available network addresses for use as 
the source network address and the destination network address of the packet tunnel. 
Genty et al further teaches each device has a set of several addresses (column 5, lines 
34-41). 

Claim 44 discloses the system of claim 35, wherein the intermediate network
device de-encapsulates packets received from the first packet tunnel and re- 
encapsulates the packets for communication to the destination device via the second 
packet tunnel. Genty et al further teaches of encapsulating a packet for transmission 
through a tunnel and using this encapsulation is widely known in the art (column 4, lines 
9-15). 

Claim 53 discloses a computer-readable medium comprising instructions to 
cause a processor to: establish a packet tunnel having a source network address within 
an address space of a first local area network and a destination network address within 
an address space of a second local area network; reserve for the packet tunnel an 
amount of bandwidth within an access link; detect a network attack; in response to the 
detected network attack, split the packet tunnel by selecting an intermediate network 
device, wherein the intermediate network device has a network address from a network 
address space other than the address space of the first local area network and the 
address space of the second local area network; communicate the network address to 
the source device for establishing a first packet tunnel from the first local area network 
to the intermediate network device; establish a second packet tunnel that originates 
from the intermediate network device to the second local area network; cancel the 
reserved bandwidth for the packet tunnel; reserve for the second packet tunnel an 
amount of bandwidth within the access link; and receive virtual private network (VPN) 
traffic that was redirected from the first local area network to the intermediate network 
device through the first packet tunnel and forwarded the VPN traffic from the 
intermediate network device to the second local area network through the second
packet tunnel. Genty et al teaches of a tunnel between a source and destination (figure 
7), an attack is detected (column 5, lines 48-52), a secondary tunnel can be established 
with different addresses (column 5, lines 63-67 - column 6, lines 1-6, 20-24), a 
secondary tunnel is established (figure 7), and upon detecting a network attack 
canceling the bandwidth in the packet tunnel (column 6, lines 31-33). It fails to teach of 
reserving for the packet tunnels an amount of bandwidth within an access link, in 
response to the detected network attack, splitting the packet tunnel by selecting an 
intermediate network device, wherein the intermediate network device has a network 
address from a network address space other than the address space of the first local 
area network and the address space of the second local area network, establishing a 
first packet tunnel from the first local area network to the intermediate network device, 
establishing a second packet tunnel that originates from the intermediate network 
device to the second local area network, canceling the reserved bandwidth for the 
packet tunnel and communicating a virtual private network (VPN) traffic from the first 
local area network to the second local area network by redirecting the VPN traffic from 
the first local area network to the intermediate network device through the first packet 
tunnel and forwarding the VPN traffic from the intermediate network device to the 
second local area network through the second packet tunnel. Afek et al teaches that
different networks are connected together (paragraph 245), data is diverted to the 
guards upon detection of an attack which can be from another LAN (paragraphs 250, 
252, and 253), data is directed from the source to the guard (paragraph 267), data is 
sent from the guard to the target (paragraph 267), and upon an attack data sent to the
target is routed to the guards via a tunnel and then from the guards to the target 
(paragraphs 252 and 267). 

Genty et al and Afek et al are analogous art because they are both related to
network protection. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the guards and redirection taught in Afek et al with the system in 
Genty et al because enhanced protection from distributed denial of service attacks is 
provided (Afek, paragraph 8). 

Genty et al in view of Afek et al teaches of the limitations as recited above. It 
fails to teach of reserving for the packet tunnel an amount of bandwidth within an 
access link, canceling the reserved bandwidth for the packet tunnel and reserving 
bandwidth for the new packet tunnel. Maeshima et al teaches of reserving bandwidth 
for every IP tunnel on the network (column 3, lines 1-23, 28-32) and reserves the 
bandwidth once needed (column 5, lines 28-41). 

Genty et al in view of Afek et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Afek et al because it is possible to construct a VPN which enables 
assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 55 discloses the computer-readable medium of claim 53, further
comprising instructions to cause the processor to select the intermediate network device 
by: maintaining a set of available network addresses; and selecting one of the network 
addresses. Genty et al further teaches of maintaining a set of available addresses and 
selecting an address as a net address and making a new tunnel (column 5, lines 34-41,
48-59, 63-67 - column 6, lines 1-6). 

Claims 2 and 36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Genty et al (US Patent #6,473,863) in view of Afek et al (US PGPUB US2002/0083175) 
in view of Maeshima et al (US Patent #6,092,113) as applied to claims 1 and 35 above,
and further in view of Adams et al (US PGPUB US2003/0016679). 

Claims 2 and 36 disclose the method and system of claims 1 and 35 wherein the 
source network address and the destination network address comprise port numbers. 
Genty et al in view of Afek et al in view of Maeshima et al teaches of the limitations of 
claims 1 and 35 as recited above. It fails to teach of the addresses comprising of port 
numbers. Adams et al teaches of control information being an IP address or a port 
number among other information (paragraph 21, lines 1-8). 

Genty et al in view of Afek et al in view of Maeshima et al and Adams et al are 
analogous art because they are both related to routing data over a network. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the control information in Adams et al with the system in Genty et al 
in view of Afek et al in view of Maeshima et al because the packet is able to be sent to 
its next destination once the information is known (Adams, paragraph 21, lines 8-12). 

Claims 12, 13, 45, and 46 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Genty et al (US Patent #6,473,863) in view of Afek et al (US PGPUB
US2002/0083175) in view of Maeshima et al (US Patent #6,092,113) as applied to
claims 8 and 43 above, and further in view of Jorgensen (US PGPUB 
US2002/0099854). 

Claim 12 discloses the method of claim 1, further comprising: establishing a 
secure signaling channel between a source network device and a destination network 
device; sending via the secure signaling channel control packets between the source 
network device and the destination network device to monitor the performance of the 
first and second packet tunnels; and selecting a new intermediate network device when 
the performance reaches a minimum threshold. Genty et al in view of Afek et al in view 
of Maeshima et al teaches of the limitations of claim 8 as recited above. It fails to teach 
of sending messages to monitor performance and making changes based on 
performance. Jorgensen teaches of monitoring, control, service, modify and repair a 
system by sending messages monitoring the performance and making changes based 
on performance (paragraph 612). 

Genty et al in view of Afek et al in view of Maeshima et al and Jorgensen are 
analogous art because they are related to network setup and control. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the monitoring in Jorgensen with the system in Genty et al in view 
of Afek et al in view of Maeshima et al because proactive provisioning of additional 
resources can occur (Jorgensen, paragraph 612, lines 7-9). 

Claim 13 discloses the method of claim 12, further comprising maintaining a set
of possible intermediate network devices for a plurality of available intermediate network 
devices, wherein the network addresses are within network address spaces other than 
the address space of the first local area network and the address space of the second 
local area network, and wherein selecting the intermediate network device comprises 
selecting one of the possible intermediate network devices from the set. Genty et al 
further teaches of each device has a set of several addresses, which are exchanged to 
each device, and the second device is selected from this list (column 5, lines 34-41). 

Claim 45 discloses the system of claim 35, wherein the source device and the 
destination device establish a secure signaling channel and send via the secure 
signaling channel control packets to monitor the performance of the first and second 
packet tunnels. Genty et al in view of Afek et al in view of Maeshima et al teaches of 
the limitations of claim 43 as recited above. It fails to teach of monitoring performance. 
Jorgensen teaches of monitoring, control, service, modify and repair a system by 
sending messages monitoring the performance (paragraph 612). 

Genty et al in view of Afek et al in view of Maeshima et al and Jorgensen are 
analogous art because they are related to network setup and control. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the monitoring in Jorgensen with the system in Genty et al in view 
of Afek et al in view of Maeshima et al because proactive provisioning of additional 
resources can occur (Jorgensen, paragraph 612, lines 7-9). 

Claim 46 discloses the system of claim 45, wherein the destination device selects
a new intermediate network device when the performance reaches a minimum 
threshold. Jorgensen further teaches of making changes based on the performance 
when monitoring (paragraph 612). 

Claims 16, 17, and 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Genty et al (US Patent #6,473,863) in view of Afek et al (US PGPUB 
US2002/0083175) in view of Maeshima et al (US Patent #6,092,113) as applied to 
claims 1 and 27 above, and further in view of Shawcross (US Patent #6,880,090). 

Claim 16 discloses the method of claim 1, wherein establishing a packet tunnel 
comprises: maintaining a set of available multicast network addresses; selecting one of 
the multicast network addresses for the packet tunnel; and subscribing to a multicast 
channel for the selected multicast network address. Genty et al in view of Afek et al in 
view of Maeshima et al teaches of the limitations of claim 1 as recited above. It fails to 
teach of using multicast addresses. Shawcross teaches of maintaining a set of 
multicast addresses, selecting a multicast address and subscribing to the multicast 
addresses (column 5, lines 60-67, column 6, lines 1-5). 

Genty et al in view of Afek et al in view of Maeshima et al and Shawcross are 
analogous art because they are related to network attack prevention. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the multicast addressing in Shawcross with the system in Genty et 
al in view of Afek et al in view of Maeshima et al because the technique prevents 
unauthorized personnel from knowing which address to disrupt (Shawcross, column 6, 
lines 12-14). 

Claim 17 discloses the method of claim 16, wherein establishing a second packet 
tunnel comprises: unsubscribing to the multicast channel; selecting one of the multicast 
network addresses for the destination network address; establishing the second packet 
tunnel using the new destination address; and subscribing to a multicast channel for the 
selected multicast network address. Shawcross further teaches of unsubscribing the 
multicast channel, selecting a multicast channel, establishing a new tunnel and 
subscribing to a multicast address (column 2, lines 62-67 - column 3, lines 1-17, 
column 9, lines 5-10, 36-42). 

Claim 29 discloses the method of claim 27, wherein establishing a packet tunnel 
comprises: maintaining a set of available multicast network addresses; selecting one of 
the multicast network addresses for the destination network address of the packet 
tunnel; and subscribing to a multicast channel for the selected multicast network 
address. Genty et al in view of Afek et al in view of Maeshima et al teaches of the 
limitations of claim 27 as recited above. It fails to teach of using multicast addresses. 
Shawcross teaches of maintaining a set of multicast addresses, selecting a multicast 
address and subscribing to the multicast addresses (column 5, lines 60-67, column 6, 
lines 1-5). 

Genty et al in view of Afek et al in view of Maeshima et al and Shawcross are 
analogous art because they are related to network attack prevention. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the multicast addressing in Shawcross with the system in Genty et 
al in view of Afek et al in view of Maeshima et al because the technique prevents 
unauthorized personnel from knowing which address to disrupt (Shawcross, column 6, 
lines 12-14). 

Response to Arguments 

Applicant's arguments with respect to claims 1, 27, 35, and 53 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Genty et al (US Patent #6,738,910) teaches of an Internet snoop 
avoider. Barr et al (US PGPUB US2006/0050719) teaches of selective diversion and 
injection of communication traffic. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brian J. Gillis whose telephone number is 
571-272-7952. The examiner can normally be reached on M-F 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Brian J Gillis 
Examiner 
Art Unit 2141 